Want to apply risk-based thinking? This you should know

April 12, 2019April 11, 2019

ISO 13485:2016 requires companies to use risk-based thinking to manage their business.

Risk is inherent in all aspects of a QMS. There are risks in all systems, processes and functions. Risk-based thinking ensures that any potential risks are identified, considered and controlled throughout the design and use of the quality management system.

If
you want to implement it, these are things you need to know…

Risk is combination of the probability of occurrence of harm and the severity of that harm.

The risk can be reduced, by reducing the likelihood of occurrence of an unwanted incident or the severity of damage in case of that incident. It is usually more problematic to reduce the severity of the damage then the likelihood of an unpleasant incident from occurring.

Every
process in a company is a source of risk.
An unwanted incident occurs whenever a process does not perform as
intended. The severity of harm is based on the type of process.

Once
the processes that make up the QMS system are defined, these are
steps to manage process risk with the QMS system:

risks
of the processes must be defined

action
plan to address risks must be developed

The actions taken to reduce the risk should be proportionate to the potential impact that the activities will have on the quality of the delivered products and services. Since companies do not have limitless funds, it is not possible to work on all causes of risk in the processes of the QMS.

The standard does not require the use of any specific risk management tools. Following the steps from ISO 14971 is the sigh you’re on good way in your risk assessment.

Great article. But, I’m not sure how the risk-based approach can be implemented in every process within the organization? For example, how is that conducted regarding suppliers? Is the evaluation of suppliers enough? That’s risk-based approach toward suppliers? Hope someone can help…